How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH – Kinsta

When you run a WordPress website, it is vital that you make sure that visitors can access it with ease. So, encountering error messages and connection issues, such as Chrome error warnings, can be quite frustrating.

In this post, we’ll discuss the ERR_SSL_OBSOLETE_VERSION warning in Chrome, explain why it happens, and talk about what you can do to resolve it.

Start!

What TLS

1.0 and 1.1 are (and why they are no longer supported)

Starting with Google Chrome 72, one key thing has changed: the popular browser began to stop supporting legacy versions of TLS. This shouldn’t be news, since, in 2019, Google and a variety of other major browsers had already revealed that they would be spurning support for TLS 1.0 and TLS 1.1.

This is being done to improve the security and performance of browsers, and protect users from unsafe sites.

TLS is short for “Transport Layer Security.” It is an encryption security protocol responsible for safeguarding data that is transmitted online. In other words, it protects the information that is sent between your website’s server and the end user’s browser.

At this point, TLS 1.0 and TLS 1.1 are older standards that have several limitations and are not supported by many modern Internet technologies. Therefore, the focus is now turning to the new TLS 1.2 and 1.3 versions.

These offer better security and faster speeds and are already standard for almost all browser-based connections.

The Dangers of Using Older TLS Versions

on Your Website

So what does this mean for the future of Chrome browsers, and more specifically for your website users? Starting with Chrome 79, if a site uses TLS 1.0 or TLS 1.1, Chrome will display a warning notification indicating an “unsecured” connection.

ERR_SSL_OBSOLETE_VERSION
A new security indicator is displayed to users visiting a site using TLS 1.0 or 1.1 (Image source: chromium.org)

When the visitor clicks for more information, they will see a message similar to this:

“Your connection is not totally secure. This site uses outdated security settings, which may expose your information.”

Naturally, this message is likely to drive away many potential visitors.

This is similar to other types of Chrome warnings you may have seen in the past. However, it’s important to note that this particular notification will only get more severe as new versions of Chrome are released.

For example, with Chrome 81 scheduled to launch in March 2021, connections to sites that use outdated security protocols will be blocked entirely.

ERR_SSL_OBSOLETE_VERSION
A warning message is displayed to users visiting a site using TLS 1.0 or 1.1 (Image source: chromium.org)

Chrome’s new warning will be a full-page notification explaining that the page the browser is trying to visit is not completely secure. In addition, it will include a message ERR_SSL_OBSOLETE_VERSION. The “deprecated version” referred to in the warning will be TLS 1.0 or TLS 1.1.

This is why

Google is encouraging site administrators to enable TLS 1.2 or later immediately. The process for doing this will vary depending on your hosting provider, which we’ll look at shortly.

Information

You can take full advantage of the web performance and security benefits of TLS 1.3 with all Kinsta plans.

First, however, let’s talk about how to determine if this potential issue is relevant to

your site.

How to find out which version

of TLS your site is running

If you have already encountered the ERR_SSL_OBSOLETE_VERSION warning, then you know that your site only uses outdated versions of TLS. For example, you may encounter this error when using Google Search Console.

However, what if you’re not sure which version of TLS is enabled on your website?

Fortunately, there are multiple potential ways to find this information. One of the easiest is to use Chrome DevTools.

You can access these tools using Command+Option+C (on a Mac) or Control+Shift+C (on Windows and Linux). Then, click

on the Security tab:

chrome devtools security tab
The Security tab in Chrome DevTools

In the Security Overview, the Connection section you must indicate which version of TLS your site is running. If that version is 1.2 or 1.3, as in the example above, you don’t need to worry about the warning from ERR_SSL_OBSOLETE_VERSION Chrome. If the version is 1.0 or 1.1, then you have some work to do.

How to enable Chrome TLS 1.2 or later

To avoid ERR_SSL_OBSOLETE_VERSION notification, webmasters will need to enable TLS 1.2 or later on their websites.

You do not need to turn off support for versions 1.0 and 1.1

. Instead,

you just need to make sure your site allows connections via Chrome TLS 1.2 and/or 1.3, so that users with newer browser versions can visit your site safely.

Exactly how to do this will vary significantly, depending on your website host and configuration.

The first thing you’ll need to do is verify that your hosting server supports TLS 1.2 (at a minimum). To do that, you can visit Qualys SSL Server Test and enter your website hostname

: <img src="https://kinsta.com/wp-content/uploads/2020/02/ssl-labs-test-1.png" alt="

ssl labs test” />
The Qualys SSL Server Test Tool

In the results, look under >Protocol Settings for “TLS 1.2” and “TLS 1.3”:

SSL lab test
The Protocols section, which describes which versions of TLS are supported

If one or both read “Yes,” then you know your site is configured to use TLS 1.2 or higher. At that point, you’ll want to check your hosting provider’s documentation or contact them directly to find out how you can enable the protocol on your site.

On the other hand, if “TLS 1.2” is labeled “No,” it likely won’t be possible to enable that protocol and avoid ERR_SSL_OBSOLETE_VERSION notification. In that scenario, you’ll want to contact your web host to find out if you can upgrade to a different plan on a server configured for the latest TLS protocols.

Alternatively, you can also look for a new hosting provider that simplifies the resolution of this problem.

If you’re a Kinsta customer, you won’t have to worry about finding the ERR_SSL_OBSOLETE_VERSION warning on your site. Here at Kinsta, TLS 1.2 and 1.3 are enabled on all of our hosting plans by default. That means you won’t have to perform any installation or configuration.

Chrome began to stop using legacy TLS versions in 2020. At the same time, it now displays warnings like ‘ERR_SSL_OBSOLETE_VERSION’ to users. Here’s how to prevent this from happening to your site! 😰🔐Google

is

dropping support for TLS 1.0 and 1.1 and that’s a big deal since Chrome is the most used browser on the web, with over 73% of the browsers’ market share. So, if your website can’t transmit information using the newer TLS protocols, your visitors may face the warning ERR_SSL_OBSOLETE_VERSION Chrome.

The best way to avoid that notification and keep your visitors safe is to enable support for TLS 1.2 or higher. You can use Chrome DevTools and the Qualys SSL Server Test to see if your site and server enable these protocols.

If your current host doesn’t provide support for TLS 1.3, Kinsta provides it on all of its plans.

Contact US